Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/breezy-3.1.0/breezy/_annotator_pyx.c
Examining data/breezy-3.1.0/breezy/_bencode_pyx.c
Examining data/breezy-3.1.0/breezy/_bencode_pyx.h
Examining data/breezy-3.1.0/breezy/_chunks_to_lines_pyx.c
Examining data/breezy-3.1.0/breezy/_export_c_api.h
Examining data/breezy-3.1.0/breezy/_import_c_api.h
Examining data/breezy-3.1.0/breezy/_known_graph_pyx.c
Examining data/breezy-3.1.0/breezy/_readdir_pyx.c
Examining data/breezy-3.1.0/breezy/_rio_pyx.c
Examining data/breezy-3.1.0/breezy/_simple_set_pyx.c
Examining data/breezy-3.1.0/breezy/_simple_set_pyx.h
Examining data/breezy-3.1.0/breezy/_simple_set_pyx_api.h
Examining data/breezy-3.1.0/breezy/_static_tuple_c.c
Examining data/breezy-3.1.0/breezy/_static_tuple_c.h
Examining data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c
Examining data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c
Examining data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c
Examining data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.h
Examining data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c
Examining data/breezy-3.1.0/breezy/bzr/_knit_load_data_pyx.c
Examining data/breezy-3.1.0/breezy/bzr/delta.h
Examining data/breezy-3.1.0/breezy/bzr/diff-delta.c
Examining data/breezy-3.1.0/breezy/python-compat.h
Examining data/breezy-3.1.0/breezy/readdir.h

FINAL RESULTS:

data/breezy-3.1.0/breezy/_annotator_pyx.c:772:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);

data/breezy-3.1.0/breezy/_bencode_pyx.c:775:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);

data/breezy-3.1.0/breezy/_bencode_pyx.c:4802:15: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  __pyx_v_n = snprintf(__pyx_v_self->tail, __pyx_e_6breezy_12_bencode_pyx_INT_BUF_SIZE, ((char *)"i%de"), __pyx_v_x);

data/breezy-3.1.0/breezy/_bencode_pyx.c:5049:15: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  __pyx_v_n = snprintf(__pyx_v_self->tail, __pyx_e_6breezy_12_bencode_pyx_INT_BUF_SIZE, ((char *)"%ld:"), __pyx_v_x_len);

data/breezy-3.1.0/breezy/_chunks_to_lines_pyx.c:772:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);

data/breezy-3.1.0/breezy/_known_graph_pyx.c:772:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);

data/breezy-3.1.0/breezy/_readdir_pyx.c:778:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);

data/breezy-3.1.0/breezy/_rio_pyx.c:772:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);

data/breezy-3.1.0/breezy/_simple_set_pyx.c:771:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:774:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);

data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:774:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);

data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:1613:12: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  (void)(sprintf(__pyx_v_c_out, ((char const *)"%08lX"), __pyx_v_crc_val));

data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:775:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);

data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:774:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);

data/breezy-3.1.0/breezy/bzr/_knit_load_data_pyx.c:772:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);

data/breezy-3.1.0/breezy/python-compat.h:116:10: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/breezy-3.1.0/breezy/python-compat.h:116:20: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/breezy-3.1.0/breezy/_bencode_pyx.c:9842:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate) PyErr_Clear();

data/breezy-3.1.0/breezy/_bencode_pyx.c:9843:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/_bencode_pyx.c:9843:58: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/_bencode_pyx.c:9864:16: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Py_XDECREF(setstate);

data/breezy-3.1.0/breezy/_known_graph_pyx.c:17131:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate) PyErr_Clear();

data/breezy-3.1.0/breezy/_known_graph_pyx.c:17132:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/_known_graph_pyx.c:17132:58: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/_known_graph_pyx.c:17153:16: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Py_XDECREF(setstate);

data/breezy-3.1.0/breezy/_readdir_pyx.c:6849:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate) PyErr_Clear();

data/breezy-3.1.0/breezy/_readdir_pyx.c:6850:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/_readdir_pyx.c:6850:58: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/_readdir_pyx.c:6871:16: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Py_XDECREF(setstate);

data/breezy-3.1.0/breezy/_simple_set_pyx.c:8379:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate) PyErr_Clear();

data/breezy-3.1.0/breezy/_simple_set_pyx.c:8380:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/_simple_set_pyx.c:8380:58: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/_simple_set_pyx.c:8401:16: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Py_XDECREF(setstate);

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:13285:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate) PyErr_Clear();

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:13286:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:13286:58: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:13307:16: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Py_XDECREF(setstate);

data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:29656:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate) PyErr_Clear();

data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:29657:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:29657:58: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:29678:16: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Py_XDECREF(setstate);

data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:8628:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate) PyErr_Clear();

data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:8629:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:8629:58: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:8650:16: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Py_XDECREF(setstate);

data/breezy-3.1.0/breezy/bzr/_knit_load_data_pyx.c:6046:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate) PyErr_Clear();

data/breezy-3.1.0/breezy/bzr/_knit_load_data_pyx.c:6047:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/bzr/_knit_load_data_pyx.c:6047:58: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {

data/breezy-3.1.0/breezy/bzr/_knit_load_data_pyx.c:6068:16: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Py_XDECREF(setstate);

data/breezy-3.1.0/breezy/_annotator_pyx.c:725:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];

data/breezy-3.1.0/breezy/_annotator_pyx.c:5803:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warning[200];

data/breezy-3.1.0/breezy/_annotator_pyx.c:7436:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];

data/breezy-3.1.0/breezy/_annotator_pyx.c:7440:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];

data/breezy-3.1.0/breezy/_bencode_pyx.c:728:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];

data/breezy-3.1.0/breezy/_bencode_pyx.c:4967:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)(memcpy(__pyx_v_self->tail, PyBytes_AS_STRING(__pyx_v_s), __pyx_v_n));

data/breezy-3.1.0/breezy/_bencode_pyx.c:5093:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)(memcpy(((void *)(__pyx_v_self->tail + __pyx_v_n)), PyBytes_AS_STRING(__pyx_v_x), __pyx_v_x_len));

data/breezy-3.1.0/breezy/_bencode_pyx.c:9876:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warning[200];

data/breezy-3.1.0/breezy/_bencode_pyx.c:11479:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];

data/breezy-3.1.0/breezy/_bencode_pyx.c:11483:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];

data/breezy-3.1.0/breezy/_chunks_to_lines_pyx.c:725:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];

data/breezy-3.1.0/breezy/_chunks_to_lines_pyx.c:2580:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warning[200];

data/breezy-3.1.0/breezy/_chunks_to_lines_pyx.c:3400:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];

data/breezy-3.1.0/breezy/_chunks_to_lines_pyx.c:3404:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];

data/breezy-3.1.0/breezy/_known_graph_pyx.c:725:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];

data/breezy-3.1.0/breezy/_known_graph_pyx.c:17165:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warning[200];

data/breezy-3.1.0/breezy/_known_graph_pyx.c:17990:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];

data/breezy-3.1.0/breezy/_known_graph_pyx.c:17994:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];

data/breezy-3.1.0/breezy/_readdir_pyx.c:731:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];

data/breezy-3.1.0/breezy/_readdir_pyx.c:3360:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  __pyx_v_orig_dir_fd = open(((char *)"."), O_RDONLY, 0);

data/breezy-3.1.0/breezy/_readdir_pyx.c:7727:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];

data/breezy-3.1.0/breezy/_readdir_pyx.c:7731:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];

data/breezy-3.1.0/breezy/_rio_pyx.c:725:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];

data/breezy-3.1.0/breezy/_rio_pyx.c:1684:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)(memcpy(__pyx_v_value, ((__pyx_v_line + __pyx_v_i) + 2), ((__pyx_v_len - __pyx_v_i) - 2)));

data/breezy-3.1.0/breezy/_rio_pyx.c:1882:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)(memcpy(__pyx_v_value, (&(__pyx_v_line[(__pyx_v_i + 2)])), (((__pyx_v_len - __pyx_v_i) - 2) * (sizeof(Py_UNICODE)))));

data/breezy-3.1.0/breezy/_rio_pyx.c:2460:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)(memcpy((__pyx_v_accum_value + __pyx_v_accum_len), (__pyx_v_c_line + 1), (__pyx_v_c_len - 1)));

data/breezy-3.1.0/breezy/_rio_pyx.c:3242:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)(memcpy((&(__pyx_v_accum_value[__pyx_v_accum_len])), (&(__pyx_v_c_line[1])), ((__pyx_v_c_len - 1) * (sizeof(Py_UNICODE)))));

data/breezy-3.1.0/breezy/_rio_pyx.c:4795:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warning[200];

data/breezy-3.1.0/breezy/_rio_pyx.c:5668:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];

data/breezy-3.1.0/breezy/_rio_pyx.c:5672:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];

data/breezy-3.1.0/breezy/_simple_set_pyx.c:724:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];

data/breezy-3.1.0/breezy/_simple_set_pyx.c:8413:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warning[200];

data/breezy-3.1.0/breezy/_simple_set_pyx.c:9238:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];

data/breezy-3.1.0/breezy/_simple_set_pyx.c:9242:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];

data/breezy-3.1.0/breezy/_simple_set_pyx_api.h:107:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warning[200];

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:727:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:834:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sha1[20];

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:873:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char offsets[0x101];

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:4714:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)(memcpy(__pyx_v_c_buf, ((char *)"sha1:"), 5));

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:6000:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char __pyx_v_sha1[20];

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:6137:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char __pyx_v_sha1[20];

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:9437:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)(memcpy(__pyx_v_out, __pyx_t_15, __pyx_v_key_len));

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:9770:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)(memcpy(__pyx_v_out, PyBytes_AS_STRING(__pyx_v_ref_bit), __pyx_v_ref_bit_len));

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:9836:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)(memcpy(__pyx_v_out, __pyx_v_value, __pyx_v_value_len));

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:13319:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warning[200];

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:14426:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];

data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:14430:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];

data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:727:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ascii_chars[128]; data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:1964:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. __pyx_v_next_line = ((char *)memchr((__pyx_v_cur[0]), '\n', (__pyx_v_end - (__pyx_v_cur[0])))); data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:3130:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)(memcpy(__pyx_v_c_entry, __pyx_v_prefix_tail, __pyx_v_prefix_tail_len)); data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:3158:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)(memcpy((__pyx_v_c_entry + __pyx_v_prefix_tail_len), __pyx_v_line_start, (__pyx_v_next_null - __pyx_v_line_start))); data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:4323:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)(memcpy(__pyx_v_c_item_prefix, __pyx_v_prefix, __pyx_v_prefix_length)); data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:4341:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)(memcpy((__pyx_v_c_item_prefix + __pyx_v_prefix_length), __pyx_v_cur, (__pyx_v_next_null - __pyx_v_cur))); data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:7013:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warning[200]; data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:7864:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctversion[4], rtversion[4]; data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:7868:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[200]; data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:728:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ascii_chars[128]; data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:7314:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char __pyx_v_result[(6 * 4)]; data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:9193:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char __pyx_v__minikind[1]; data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:29690:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warning[200]; data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:30608:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctversion[4], rtversion[4]; data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:30612:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[200]; data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:727:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ascii_chars[128]; data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:5518:20: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)(memcpy(__pyx_v_out, (__pyx_v_source + __pyx_v_cp_off), __pyx_v_cp_size)); data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:5630:20: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
(void)(memcpy(__pyx_v_out, __pyx_v_data, __pyx_v_cmd)); data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:6311:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char __pyx_v_c_bytes[8]; data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:8662:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warning[200]; data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:10015:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctversion[4], rtversion[4]; data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:10019:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[200]; data/breezy-3.1.0/breezy/bzr/_knit_load_data_pyx.c:725:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ascii_chars[128]; data/breezy-3.1.0/breezy/bzr/_knit_load_data_pyx.c:6080:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warning[200]; data/breezy-3.1.0/breezy/bzr/_knit_load_data_pyx.c:6905:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctversion[4], rtversion[4]; data/breezy-3.1.0/breezy/bzr/_knit_load_data_pyx.c:6909:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[200]; data/breezy-3.1.0/breezy/bzr/diff-delta.c:660:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. get_text(char buff[128], const unsigned char *ptr) data/breezy-3.1.0/breezy/bzr/diff-delta.c:683:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, start, cmd); data/breezy-3.1.0/breezy/_annotator_pyx.c:649:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/breezy-3.1.0/breezy/_annotator_pyx.c:770:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1); data/breezy-3.1.0/breezy/_annotator_pyx.c:7484:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str)); data/breezy-3.1.0/breezy/_bencode_pyx.c:652:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/breezy-3.1.0/breezy/_bencode_pyx.c:773:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1); data/breezy-3.1.0/breezy/_bencode_pyx.c:11527:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str)); data/breezy-3.1.0/breezy/_chunks_to_lines_pyx.c:649:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/breezy-3.1.0/breezy/_chunks_to_lines_pyx.c:770:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1); data/breezy-3.1.0/breezy/_chunks_to_lines_pyx.c:3448:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str)); data/breezy-3.1.0/breezy/_known_graph_pyx.c:649:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/breezy-3.1.0/breezy/_known_graph_pyx.c:770:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1); data/breezy-3.1.0/breezy/_known_graph_pyx.c:18038:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str)); data/breezy-3.1.0/breezy/_readdir_pyx.c:655:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/breezy-3.1.0/breezy/_readdir_pyx.c:776:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1); data/breezy-3.1.0/breezy/_readdir_pyx.c:7775:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str)); data/breezy-3.1.0/breezy/_rio_pyx.c:649:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/breezy-3.1.0/breezy/_rio_pyx.c:770:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1); data/breezy-3.1.0/breezy/_rio_pyx.c:5716:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str)); data/breezy-3.1.0/breezy/_simple_set_pyx.c:648:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/breezy-3.1.0/breezy/_simple_set_pyx.c:769:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1); data/breezy-3.1.0/breezy/_simple_set_pyx.c:9323:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str)); data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:651:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:772:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1); data/breezy-3.1.0/breezy/bzr/_btree_serializer_pyx.c:14474:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str)); data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:651:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:772:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1); data/breezy-3.1.0/breezy/bzr/_chk_map_pyx.c:7912:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str)); data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:652:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:773:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1); data/breezy-3.1.0/breezy/bzr/_dirstate_helpers_pyx.c:30656:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str)); data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:651:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:772:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1); data/breezy-3.1.0/breezy/bzr/_groupcompress_pyx.c:10063:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str)); data/breezy-3.1.0/breezy/bzr/_knit_load_data_pyx.c:649:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/breezy-3.1.0/breezy/bzr/_knit_load_data_pyx.c:770:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1); data/breezy-3.1.0/breezy/bzr/_knit_load_data_pyx.c:6953:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));

ANALYSIS SUMMARY:

Hits = 160
Lines analyzed = 139212 in approximately 4.06 seconds (34265 lines/second)
Physical Source Lines of Code (SLOC) = 91853
Hits@level = [0] 5 [1] 36 [2] 75 [3] 32 [4] 17 [5] 0
Hits@level+ = [0+] 165 [1+] 160 [2+] 124 [3+] 49 [4+] 17 [5+] 0
Hits/KSLOC@level+ = [0+] 1.79635 [1+] 1.74191 [2+] 1.34998 [3+] 0.533461 [4+] 0.185078 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.